On 16/10/17 17:35, Tony Su wrote:
> From the general description (I haven't been able to inspect a detailed demo), it looks like a cousin to the Diffie Hellman flaw described last year.
> If so,
> - All encrypted traffic including SSL/TLS, SSH, VPNs, etc should be protected despite the researchers' suggestion that <might> also be vulnerable. And, all User activity that involves exchanging passwords on websites, Financial/Banking, email and other activity are covered here.
> - The other stuff about capturing, replaying and injecting content or even false network settings is a different consideration, but if this is not much different than what has always been possible using aircrack-ng against WEP or WPA1, then there are practical considerations which can make this kind of attack difficult although possible... like...
> The attacker might have to capture gigabytes of data to obtain the few packets which contain a WPA handshake. Low activity APs might be more vulnerable than heavily used.
> Once captured, the attacker has to crack the keys. Depending on strength and available machine resources plus method of crack (are rainbow tables available and used?), this might take a while.
LIKE A COUPLE OF NANOSECONDS? Sorry for shouting, but the nature of the crack tricks wpa_supplicant into using a key of 0x00.
> Once cracked, the keys are usable for only as long as the original User has not yet closed his wireless session. Once the User has disconnected, then a new session and handshake has to be cracked.
> So, unless you're supporting a high security wireless network, I don't think that anyone should be pressing any emergency buttons, and if you were supporting a high security network then I'd be questioning why you even have WiFi or not deploying WiFi that automatically rotates new keys every few minutes.
Yes you should be pressing security buttons. The key is absolutely no protection at all!

Cheers,
Wol
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
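As an added illustration (not part of this thread or of wpa_supplicant itself), a toy model in Python of the client behaviour Wol refers to: on a retransmitted handshake message 3 the affected wpa_supplicant releases pushed an already-wiped, all-zero temporal key to the driver and reset the packet counter, whereas the fixed behaviour installs the key once and ignores reinstallation. The PMK, nonces and key derivation below are constructed stand-ins, not the real 802.11 PRF.

```python
import hashlib
from dataclasses import dataclass, field

TK_LEN = 16  # CCMP-128 temporal key (TK) length in bytes


def derive_tk(pmk: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # Constructed stand-in for the real PTK derivation: deterministic, non-zero.
    return hashlib.sha256(b"toy-PTK" + pmk + anonce + snonce).digest()[:TK_LEN]


@dataclass
class Client:
    hardened: bool
    ptk_buf: bytes = b""          # PTK held in supplicant memory
    driver_tk: bytes = b""        # key currently installed in the driver
    installed: bool = False
    pn: int = 0                   # CCMP packet number, restarts on (re)install
    log: list = field(default_factory=list)

    def on_msg3(self) -> None:
        """Handle EAPOL-Key message 3, whether first delivery or a retransmission."""
        if self.hardened and self.installed:
            self.log.append("msg3 again: key already installed, ignored")
            return
        if self.hardened and self.ptk_buf == bytes(TK_LEN):
            self.log.append("refused all-zero key")
            return
        self.driver_tk = self.ptk_buf
        self.pn = 0               # nonce counter reset: the core of the problem
        self.installed = True
        self.log.append("installed key " + self.driver_tk.hex()[:8])
        if not self.hardened:
            # Affected releases wiped the key from memory after installing it,
            # so a later reinstall hands this zeroed buffer to the driver.
            self.ptk_buf = bytes(TK_LEN)

    def send(self, frames: int) -> None:
        self.pn += frames


def run(hardened: bool, retransmit: bool) -> Client:
    """Drive one client through message 3, some traffic, and an optional replay."""
    c = Client(hardened)
    c.ptk_buf = derive_tk(b"constructed-pmk", b"A" * 32, b"S" * 32)
    c.on_msg3()
    c.send(3)
    if retransmit:
        c.on_msg3()               # replayed or genuinely retransmitted message 3
    return c
```

The vulnerable run with a retransmission ends with `driver_tk` equal to sixteen zero bytes and `pn` back at 0, which is why Wol says the key offers no protection; the hardened run keeps the original key and counter.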